GHSA-jr4f-4564-w3mrCriticalCVSS 9.1
When reusing a libcurl handle for sequential transfers driven by environment-variable proxy...
🔗 CVE IDs covered (1)
📋 Description
When reusing a libcurl handle for sequential transfers driven by
environment-variable proxy configuration, libcurl fails to clear the proxy
authentication state between requests. Specifically, if the initial transfer
authenticates against proxyA using Digest auth, a subsequent transfer routed
through proxyB erroneously leaks the Proxy-Authorization: header intended
solely for proxyA.